Disable PatchGuard and Driver Signature Enforcement at boot time
Defeating PatchGuard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
Universal PatchGuard and Driver Signature Enforcement Disable
InfinityHookPro Win7 -> Win11 latest
Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code
Kernel Level NMI Callback Blocker
A vulnerable PatchGuard exploit that can be used to disable PatchGuard at runtime.
EPROCESS Unlinking example in "C" using DKOM Manipulation
A single byte modification in the kernel memory bypasses and disables all core functions of the AV/EDR security solutions
Kairos is a next-generation, red-team-oriented Windows kernel defense neutralization framework. It combines traditional runtime patching with UEFI persistence, hypervisor-level surveillance, and Secur...
PsLoadedModuleList Unlinking through DKOM Manipulation
22H2 Windows PatchGuard runtime disabler.
Demonstration code for intercepting and disabling NMI handling on Intel CPUs in Windows kernel mode.